Ethical Hacking Practitioner (Incl. Exam S-EHP) / English
Description
Online instructor-led Ethical Hacking Practitioner course. Learn how to conduct real-life penetration tests from experienced ethical hackers and develop advanced hacking skills with lab challenges.
Developed by expert ethical hackers, this online instructor-led Ethical Hacking Practitioner course equips you with advanced hands-on penetration testing skills and experience. In this course, you will learn to design your penetration testing process from intake to reporting, use advanced hacking lab exercises to find and exploit network, device, access control, software and database vulnerabilities, and practice vulnerability rating and reporting to customers. At the end of the course, you will carry out a complex black box penetration test. You will use your hacking skills to break into a (simulated) company’s systems and steal business secrets, and you will draft a management report on the vulnerabilities you have encountered.
In our online instructor-led Ethical Hacking Practitioner
course, you will build advanced hands-on penetration testing skills
through completing lab challenges and getting best practice
insights from expert ethical hackers with extensive experience in
penetration testing and security consultancy. By the end of this
course, you will have the skills necessary to qualify for (junior)
penetration testing positions or other security analyst, consultant
and specialist roles that require ethical hacking skills.
In this course, you will first learn how to plan your penetration
test to ensure maximum effectiveness as well as legal, ethical and
contractual compliance. You will understand how to choose the most
suitable test type, how to put the necessary legal and
administrative safeguards in place before running a test, how to
determine the scope, duration and costs of your pen test, and how
to organise and use the information you will find to be able to
proceed and provide effective reports.
After covering the pre-engagement / engagement phase, you will use
open-source intelligence (OSINT) and advanced scanning techniques
to find information on your target and identify areas that may be
open to exploits. You will combine the information found into a
profile, and use this as a starting point to plan your attacks.
Following passive and active reconnaissance, you will take a deep
dive into finding and exploiting network protocol vulnerabilities,
including performing spoofing attacks, man-in-the-middle attacks
and DNS enumeration.
Moving on, you will learn how to find and exploit vulnerabilities
in mobile and IoT devices, including reverse-engineering a mobile
application to find vulnerabilities in the app or the backend
services/system.
After finding and exploiting network and device vulnerabilities,
you will explore how to find and exploit weaknesses in
identification, authentication, authorisation and session
management. At this stage, you will gain an in-depth understanding of
identity & access management, multi-factor and multi-step
authentication, and the most commonly used authentication
protocols. You will learn how to attack directory services, and how
to find and exploit broken authentication and session controls.
Finally, you will learn how to detect and exploit vulnerabilities
in databases and software, including finding overflow and other
software vulnerabilities by fuzzing, static code analysis,
reverse-engineering and decompiling.
At the end of the course, you will learn how to rate
vulnerabilities using CVSS and how to draft a clear, concise and
informative report for customers.
Our Ethical Hacking Practitioner course has a unique focus on the
practical aspects of penetration testing. In this course, you will
get in-depth coverage of each key stage of the penetration testing
process from pre-engagement to reporting, and you will build
practical penetration testing skills by performing hands-on lab
exercises in OSINT, port scanning, network service testing, device
testing, access control testing and software/database testing. You
will be trained by experienced ethical hackers who can give you the
practical insights you need to successfully apply your penetration
testing skills to real-world assignments.
This online Ethical Hacking Practitioner course consists of 5
course days combining theory with real-world examples and hacking
lab exercises. By the end of this course, you will be able to
perform a real-world penetration test and you will be fully
prepared to take the [SECO-Institute Ethical Hacking Practitioner
certification
exam](https://www.seco-institute.org/certifications/ethical-hacking-track/practitioner/)
to qualify for (junior) penetration testing jobs.
This course is usually scheduled to run over 5 weeks with one
intense course session a week. Course days start at 10.00 a.m. and
end around 5.30 p.m.
In-company courses can be run online or on-site at your location,
and can be scheduled flexibly.
Module 1: Pre-Engagement and Reconnaissance
* Understand what pen testing is, what types of pen tests you can
use for what purposes, and how to choose the type of test that is
the most suitable for your purpose
* Put in place appropriate legal, ethical and contractual
safeguards before starting a pen test
* Use advanced open-source intelligence (OSINT) techniques to find
information on a target and identify relevant information for the
pen test
* Apply advanced scanning techniques to find (more) information on
the target
* Use OSINT and scanning information to create a profile you can
use to plan attacks
* Identify vulnerabilities during OSINT and scanning, and include
relevant vulnerability information in a (preliminary) report
Module 2: Linux & Scripting
* Familiarise yourself with Kali Linux functionalities and
tools
* Write basic Bash and Python scripts for (test) automation
Module 3: Testing Network Services
* Understand how network protocols work and find information on
specific protocols to find vulnerabilities
* Carry out a low-level spoofing attack
* Launch a man-in-the-middle attack using lower-level protocols
* Use Burp Suite and ZAP as a man-in-the-middle proxy
* Find and exploit FTP vulnerabilities
* Find and exploit SSH vulnerabilities
* Find and exploit SMB vulnerabilities
* Understand how DNS works and perform DNS enumeration
* Use ‘Responder’ to gather information and exploit weaknesses on
the network/application level
Module 4: Testing Devices
* Understand the fundamentals of mobile device architecture
* Grasp the security architecture of Android and iOS
* Use Android developer tools to exploit vulnerabilities in
devices
* Identify suitable tools to reverse-engineer an application and
understand how these tools work
* Perform basic reverse engineering on a mobile app to find and
exploit vulnerabilities in the app or the backend
services/system.
Module 5: Testing Access Control
* Understand the Identity & Access Management process
(enrolment, identification, authentication, authorisation, granting
access, accounting)
* Understand how multi-factor and multi-step authentication
work
* Attack directory services using common tools
* Understand how Kerberos, SAML, OAuth2 and tokens (sliding tokens)
are used to secure access
* Understand the workings of protocols: Kerberos, SAML, OAuth2,
tokens (sliding tokens) and certificate pinning (HSTS)
* Find broken authentication controls in desktop applications /
mobile applications / OS calls / Single Sign-On algorithm +
implementations, and exploit the vulnerabilities
* Find broken session controls in desktop applications / DLL
(calls) / API calls / mobile applications / web applications / REST
services and SOAP services / thin client-based services like RDP,
Citrix, SSH, VNC, and exploit the vulnerabilities
Module 6: Testing Software and Databases
* Understand software architecture and structure
* Find weaknesses in code or binaries by using techniques such as
fuzzing, static code analysis, reverse engineering and
decompiling
* Reproduce attack vectors on software
* Apply fuzzing techniques and use them to find overflow and other
vulnerabilities
* Understand how database servers work and use this knowledge to
attack databases and software
* Use Metasploit exploit modules
Module 7: Conclusion – Reporting
* Use CVSS to rate vulnerabilities
* Draft a clear, concise and informative penetration testing
report
Module 8: Capture the Flag
* Use your penetration testing skills to break into a (simulated)
company’s systems and steal business secrets
* Draft an effective penetration testing report for your
customer
We believe in the power of practical learning based on sharing
field experience. Our goal is to help you develop skills you can
immediately put into action. In this Ethical Hacking Practitioner
course, you will be trained by expert ethical hackers who are
accredited trainers and combine educational expertise with
extensive work experience in penetration testing.
This online instructor-led Ethical Hacking Practitioner course
consists of 5 course days. In addition to participating actively in
the course, we also advise you to complete at least 20 hours of
self-study.
This Ethical Hacking Practitioner course is also available as
online or on-site in-company training. [Our in-company trainings
are flexible and can be tailored to your organisation's
needs](https://www.securityacademyonline.com/incompany/). By
choosing to schedule this course as in-company training, you can
help your entire team develop fundamental penetration testing
skills in the most time- and cost-effective way. During the
training, your employees will work together on practical
assignments and engage in inspiring discussions. In addition to
building valuable skills, this experience will also increase their
cohesion and collaboration as a team, resulting in long-term
benefits for your organisation.
* Plan and organise a penetration test from intake and legal
arrangements to reporting
* Master relevant Linux tools and functionalities and familiarise
yourself with Bash and Python
* Use advanced OSINT and scanning techniques to perform passive and
active reconnaissance, develop plans of attack and draw up a
preliminary report
* Find and exploit vulnerabilities in common network protocols
(HTTP, FTP, SSH, SMB, DNS)
* Find and exploit vulnerabilities in mobile and IoT devices
* Find and exploit vulnerabilities in access control and session
management
* Find and exploit software and database vulnerabilities
* Rate vulnerabilities and draft a penetration testing report in
line with industry best practices
* Perform a black box penetration test and draft a concise and
informative report on your findings
* Prepare for the SECO-Institute Ethical Hacking Practitioner
certification exam with a practice exam
For possible next steps, please visit our website or contact us by phone.
This online instructor-led Ethical Hacking Practitioner course
was designed for security professionals considering starting a
career in ethical hacking / penetration testing. In addition to
aspiring ethical hackers / penetration testers, the course is also
suitable for SOC analysts, IT security specialists and other IT
security professionals who already possess basic hacking skills and
are looking for a comprehensive advanced penetration testing
training with hands-on practice.
Are you new to offensive security techniques? Our [Ethical Hacking
Foundation](https://www.securityacademyonline.com/training/vendors/seco-institute/ethical-hacking-foundation/)
course will give you a comprehensive introduction to ethical
hacking and equip you with the fundamental hacking skills you need
to follow this advanced training.
Practically applicable knowledge, delivered by instructors with field experience